Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,622 advisories

Loading
Umbraco Forms components vulnerable to Stored Cross-site Scripting Low
CVE-2024-35239 was published for Umbraco.Forms (NuGet) May 28, 2024
RaphaelCSSilva
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP... Low Unreviewed
CVE-2023-52147 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality... Low Unreviewed
CVE-2023-47769 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur,... Low Unreviewed
CVE-2023-49748 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries... Low Unreviewed
CVE-2023-49822 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login... Low Unreviewed
CVE-2023-47818 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login... Low Unreviewed
CVE-2023-48335 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode... Low Unreviewed
CVE-2023-49741 was published Jun 4, 2024
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality... Low Unreviewed
CVE-2023-27437 was published Jun 4, 2024
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar,... Low Unreviewed
CVE-2023-24373 was published Jun 4, 2024
Password confirmation stored in plain text via registration form in statamic/cms Low
CVE-2024-36119 was published for statamic/cms (Composer) Jun 2, 2024
Slack integration leaks sensitive information in logs Low
CVE-2024-35196 was published for sentry (pip) Jun 2, 2024
asottile asottile-sentry
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865,... Low Unreviewed
CVE-2024-1048 was published Feb 6, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
silverstripe/framework sends passwords back to browsers under some circumstances Low
GHSA-vh7q-j8p5-2h4h was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled Low
GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework password encryption salt not updated Low
GHSA-f3wp-xpv2-6vmg was published for silverstripe/framework (Composer) May 27, 2024
vxe-table Cross-site Scripting vulnerability Low
CVE-2023-1001 was published for vxe-table (npm) May 24, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. Low Unreviewed
CVE-2024-29852 was published May 23, 2024
A flaw was found in the libssh implements abstract layer for message digest (MD) operations... Low Unreviewed
CVE-2023-6918 was published Dec 19, 2023
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit... Low Unreviewed
CVE-2023-6004 was published Jan 3, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor Low
GHSA-779c-7w4p-2c4g was published for silverstripe/admin (Composer) May 22, 2024
NATS server TLS missing ciphersuite settings when CLI flags used Low
CVE-2021-32026 was published for github.com/nats-io/nats-server/v2 (Go) May 14, 2024
lukas-braune
ProTip! Advisories are also available from the GraphQL API